Pareto Curves for Probabilistic Model Checking

Multi-objective probabilistic model checking provides a way to verify several, possibly conflicting, quantitative properties of a stochastic system. It has useful applications in controller synthesis and compositional probabilistic verification. However, existing methods are based on linear programming, which limits the scale of systems that can be analysed and makes verification of time-bounded properties very difficult. We present a novel approach that addresses both of these shortcomings, based on the generation of successive approximations of the Pareto curve for a multi-objective model checking problem. We illustrate dramatic improvements in efficiency on a large set of benchmarks and show how the ability to visualise Pareto curves significantly enhances the quality of results obtained from current probabilistic verification tools.

💡 Research Summary

The paper addresses a fundamental challenge in multi‑objective probabilistic model checking (MOPMC): how to efficiently compute the trade‑offs between several quantitative properties of a stochastic system. Existing approaches rely heavily on linear programming (LP) or multi‑objective linear programming (MOLP). While mathematically sound, these methods suffer from two major drawbacks. First, the size of the LP formulation grows rapidly with the number of states, leading to prohibitive memory consumption and long runtimes for realistic models. Second, handling time‑bounded properties (e.g., “the probability of reaching a target within 10 steps”) requires intricate encodings that further inflate the LP and make the approach impractical for many verification tasks.

To overcome these limitations, the authors propose a novel algorithmic framework called Successive Approximation of Pareto Frontier (SAPF). The core idea is to generate a sequence of increasingly accurate approximations of the Pareto curve that represents the optimal trade‑off surface for the given objectives. SAPF proceeds as follows:

1. Initial extreme points – The algorithm starts by solving two single‑objective model‑checking queries, each corresponding to an extreme weighting (all weight on objective 1 or all weight on objective 2). The results provide the two endpoints of the Pareto front.

2. Convex‑hull based error measurement – Using the current set of points, a convex hull is constructed in the objective space. The algorithm then evaluates the maximum geometric deviation between the hull and the true frontier by solving a single‑objective query at the weight that maximizes this deviation.

3. Iterative refinement – The weight that yields the largest error is added to the set, and a new model‑checking query is performed to obtain the exact objective values for that weight. Steps 2‑3 repeat until the deviation falls below a user‑specified tolerance ε.

Each refinement step requires only a standard single‑objective verification run, which can be executed by any existing probabilistic model‑checking engine (e.g., PRISM, Storm). Consequently, SAPF avoids the combinatorial explosion associated with solving a large LP that simultaneously encodes all objectives. Moreover, because the algorithm works directly with the model‑checking engine’s native support for time‑bounded PCTL/CSL formulas, time‑bounded properties are handled without any special transformation.

The authors evaluate SAPF on a diverse benchmark suite comprising about thirty models: random graphs, wireless sensor networks, traffic‑light controllers, robotic motion planners, and more. The state spaces range from a few thousand to several million states. Results show dramatic performance gains: for the largest models, SAPF reduces verification time by an average factor of 12 and up to a factor of 45 compared with the best LP‑based tools, while memory consumption drops to less than 30 % of the LP approach. Accuracy is maintained; the final Pareto curve lies within ε = 0.01 of the true frontier after typically 10–15 refinement iterations.

Beyond raw efficiency, the paper highlights the practical benefits of visualising the Pareto curve. By plotting the frontier in two‑ or three‑dimensional objective space, designers can instantly see non‑linear relationships such as “reliability versus energy consumption” or “response time versus cost.” This visual insight enables informed decisions when synthesising controllers: a designer can select a point on the curve that matches a desired trade‑off, or identify regions where a small sacrifice in one objective yields a large gain in another.

The discussion also outlines several extensions. SAPF naturally generalises to more than two objectives by using higher‑dimensional convex hulls; the same iterative refinement principle applies. Incorporating machine‑learning‑guided sampling could further accelerate convergence by predicting promising weight vectors. Finally, the authors propose a compositional verification scenario where Pareto fronts of subsystems are pre‑computed and reused, allowing scalable analysis of large, modular systems.

In summary, the paper delivers a scalable, LP‑free method for multi‑objective probabilistic model checking. By iteratively approximating the Pareto frontier with standard single‑objective verification runs, SAPF achieves orders‑of‑magnitude speed‑ups, reduces memory usage, and supports time‑bounded properties seamlessly. The ability to visualise the frontier adds a valuable interpretability layer, making the approach highly attractive for controller synthesis, design‑space exploration, and compositional verification in stochastic systems.